devices, methods, and computer programs are presented for displaying information output of a host. One apparatus includes a housing that includes a panel, a scalar, a sensor, an integrated circuit (IC), and a communications device. The panel includes a plurality of light emitting devices arranged to define an area for displaying information output from the host. The scalar is for receiving pixel data from the host computer to be displayed on the panel, and the sensor is for capturing data proximate to the panel. The IC is in communication with the scalar and the panel, the integrated circuit configured to intercept the information output from the host computer, the data of the sensor being analyzed for security control when the information output is to be presented to the scalar. The communications device is for enabling the IC to communicate with a remote computer without communicating through the host computer.
|
13. A method for monitoring user activities, the method comprising:
authenticating a user for access to a host computer, the authenticating including validation of user biometric information;
presenting information output on a display for a user while the user is authenticated, the information output being received from the host computer;
recording in a log, while the user is authenticated, the information output presented on the display with a respective timestamp, wherein the information output is recorded at predetermined time intervals and when a security event is detected;
recording user inputs in the log while the user is authenticated; and
recording metadata in the log, the metadata associated with the recorded information output and the user inputs, the metadata including information about the host computer and the user biometric information, wherein the user biometric information is captured substantially simultaneously when the information output is displayed, wherein the log includes synchronized recorded information output, user input, and metadata, such that a relationship link is made between the user, the information output and the user input, wherein the log provides an audit trail that ties the information output presented on the display to a presence of the user and to the user inputs.
1. An apparatus for displaying information output of a host computer, the apparatus comprising:
a display panel for displaying the information output using pixel data received from the host computer;
a sensor for capturing physical information about a user proximate to the display panel;
an integrated circuit defined to control when to present the received information output to the display panel, wherein the integrated circuit periodically authenticates the user with the captured physical information, the integrated circuit configured to analyze both the information output from the host computer and the physical information to determine if the user is authorized to access the information output, wherein the integrated circuit disables display of the information output by the display panel when the integrated circuit determines that the user is unauthorized to access the information output;
a communications device for transmitting a log to a remote server, the log including details regarding content included in the information output, the physical information captured when presenting the information output, and user inputs associated with the information output, such that a relationship link is made between the user, the information output and the user inputs, the communications device transmitting the log to the remote server without communicating through the host computer, wherein entries in the log are updated at predetermined intervals and when a security event is detected; and
a housing, wherein the display panel, the sensor, the integrated circuit and the communications device are defined within the housing.
12. A display for graphically illustrating information output of a host computer, comprising,
a display panel for displaying the information output using pixel data received from the host computer;
a display circuit for receiving the information output from the host computer and transmitting the information output to the display panel;
a camera for capturing image data proximate to the display panel;
an integrated circuit disposed in communication with the display circuit and the display panel, the integrated circuit configured to capture image frames of the information output, wherein the integrated circuit is configured to analyze the image data and the information output to determine if a user is authorized to access the information output, wherein the integrated circuit periodically authenticates the user with the captured image data, wherein the integrated circuit disables display of the information output by the display panel when the integrated circuit determines that the user is unauthorized to access the information output; and
a communications circuit for enabling the integrated circuit to transfer a log to a remote server, the log including details regarding content included in the information output, user inputs associated with the information output, the captured image frames when presenting the information output and the captured image data, such that a relationship link is made between the user, the information output and the user inputs, the captured image frames and the captured image data in the log being substantially synchronized to enable analysis of security control, the communication circuit being in network communication with the remote server without requiring network communication through the host computer;
wherein the security control is executed partially on the integrated circuit, or is executed on the remote computing system, and the security control executes a policy, and the policy determines when violations of the policy occur or are likely to occur, and the security control is allowed to disable the display circuit of the display using the communications circuit without requiring communication through the host computer.
2. The apparatus of
3. The apparatus of
wherein the integrated circuit enables capture of video frame data of the information output, wherein the sensor captures image frames of the user, when present, proximate to the apparatus.
4. The apparatus of
5. The apparatus of
6. The apparatus of
wherein the disabling is controlled locally based on a policy stored on the integrated circuit or based on a policy that is executed on the remote server.
7. The apparatus of
8. The apparatus of
9. The apparatus of
10. The apparatus of
11. The apparatus of
14. The method as recited in
15. The method as recited in
16. The method as recited in
17. The method as recited in
providing an indicator to the user that computer-use data is being recorded.
18. The method as recited in
19. The method as recited in
|
This application claims priority from U.S. Provisional Patent Application No. 61/474,255, filed Apr. 11, 2011, and entitled “Secure Display System for Prevention of Information Copying from any Display Screen System.” This provisional application is herein incorporated by reference.
1. Field of the Invention
The present embodiments relate to devices, methods, systems, and computer programs for improving security, and more particularly to devices, methods, systems, and computer programs for improving security embedded in a presentation display.
2. Description of the Related Art
Rapid evolution of technology and mass adoption of cheap devices, such as tablets and electronic readers with high definition displays, digital cameras, 3D printers, 3D scanners, high capacity flash storage cards with embedded WiFi, wide spread availability of Internet services, etc., have introduced challenges to businesses and individuals to protect, preserve, and enhance their intellectual property and intellectual assets.
It is in this context that embodiments arise.
Devices, methods, computer programs, and are presented for displaying information output of a host computer. It should be appreciated that the present embodiments can be implemented in numerous ways, such as a method, an apparatus, a system, a device, or a computer program on a computer readable medium. Several embodiments are described below.
In one embodiment, an apparatus includes a housing that includes a panel, a scalar, a sensor, an integrated circuit (IC), and a communications device. The panel includes a plurality of light emitting devices arranged to define an area for displaying information output from the host. The scalar is for receiving pixel data from the host computer to be displayed on the panel, and the sensor is for capturing data proximate to the panel. The IC is in communication with the scalar and the panel, the integrated circuit configured to intercept the information output from the host computer, the data of the sensor being analyzed for security control when the information output is to be presented to the scalar. The communications device is for enabling the IC to communicate with a remote computer without communicating through the host computer
In another embodiment, a display for graphically illustrating information output of a host computer includes a panel, display, a camera, and integrated circuit, and a communications circuit. The panel is defined by pixels that are arranged to define an area for displaying the information output from the host computer. The display circuit is for receiving image data from the host computer to be displayed on the panel. The camera is for capturing image data proximate to the panel. The integrated circuit is disposed in communication with the display circuit and the panel, the integrated circuit configured to capture image frames produced by the host computer, the image data being analyzed for security control while providing image frames for presentation to the display circuit. The communications circuit is for enabling the integrated circuit to communicate the captured image frames produced by the host computer and the captured image data by the camera, the captured image frames and the captured image data being substantially synchronized to enable the analysis of the security control, the communication circuit being in network communication with a remote computing system without requiring network communication of the host computer, wherein the security control is executed partially on the integrated circuit, or is executed on the remote computing system, and the security control executes a policy, and the policy determines when violations of the policy occur or are likely to occur, and the security control is allowed to disable the display circuit of the display using the communications circuit without requiring communication through the host computer.
Other aspects will become apparent from the following detailed description, taken in conjunction with the accompanying drawings.
The embodiments may best be understood by reference to the following description taken in conjunction with the accompanying drawings.
The following embodiments describe devices, methods, systems and computer programs for improving security. In one embodiment, a monitor is embedded with security circuitry to implement security on the monitor in order to protect the information presented at the monitor.
It will be apparent, that the present embodiments may be practiced without some or all of these specific details. In other instances, well known process operations have not been described in detail in order not to unnecessarily obscure the present embodiments.
Digital Cameras are now being embedded into eyewear glasses, ID cards, pens, key chains, barcode scanners, and many are capable of shooting HD quality pictures at 30 frames per second or more. Taking ‘copies’ of IPR assets, creative designs, PII (Personally Identifiable Information), PHI (Personal Health Information) is now a major business issue worldwide for businesses, governments, and individuals. Stolen information can be transmitted anywhere bypassing existing security measures employed today, such as multi factor biometric access control, firewalls, intrusion detection systems, Data Leak Prevention (DLP) systems, Physical Access Control 15 Systems (PACS), etc.
Digital Data can be vulnerable to a breach in any of the commonly recognized 4 data states:
1. “data in motion” (i.e., data that is moving through a network, including wireless transmission)
2. “data at rest” (i.e., data that resides in databases, file systems, and other structured storage methods)
3. “data in use” (i.e., data in the process of being created, retrieved, updated, or deleted)
4. “data disposed” (e.g., discarded paper records or recycled electronic media)
Sensitive data in each of these data states (with the possible exception of “data in use”) may be secured using methods that render sensitive data unusable, unreadable, or indecipherable to unauthorized individuals, such as encryption and destruction.
The exception case of “data in use” is a major issue because the data may be “leaked” via different channels: a digital image taken with a digital camera, “copy/cut/paste” of email contents, a file copy, a “print screen” to an electronic file, etc.
While several solutions have attempted to solve the Digital copying problem, the solutions have failed to address the Human factor component to act as a deterrent. (References: JP2001313006 ANTI-PHOTOGRAPH-STEALING DEVICE BY INFRA-RED LIGHT; REMOTE CONTROL SYSTEM AND ACCESS CONTROL METHOD FOR INFORMATION INPUT APPARATUS US20060242254, SYSTEMS AND METHODS FOR RECEIVING INFRARED DATA WITH A CAMERA DESIGNED TO DETECT IMAGES BASED ON VISIBLE LIGHT US20110128384A1, US20040202382 Image capture method, device and system, US20100323608A1 System and method for preventing photography, Systems and methods for disabling recording features of cameras US20070103552).
These solutions do not address the data in use leak channel via computer display, also called the “last inch/millimeter” interface from the display to the user security, a vulnerability that has been present ever since computers became prevalent.
In addition, some embodiments provide circuitry that is embedded inside a computing device (e.g., a display). In other embodiments, the security solution may be distributed across two or more different devices. For example, a separate computing device may be installed between a display and a personal computer, where the computing device is also attached to a camera that monitors the user in front of the display.
The secure displays provide in-display security enforcement, and the displays are in communication with one or more remote security servers. In one embodiment the security servers include a policy server 214, a remote policy enforcer 216, and an administrator console 218. The policy server 214 enforces security policies configured by the administrator 220, and the remote enforcer 216 receives information from the remote secure displays and provides security commands that are transmitted to the secured displays. The administrator console 218 provides a Graphical User Interface (GUI) for configuring the security policies implemented by the system, including the creation, modification, and deletion of users, security levels, security rules, logging requirements, etc.
In
The wireless communication module 310 (e.g., a WiFi transceiver) provides an alternate channel of communication from the secure display to a remote security server, which is a different communications channel from the network connection utilized by the personal computer 304. This alternate communication channel provides a robust security solution that does not rely on the assets in the personal computer 304, such as a NIC card for connecting to the network.
Besides IPR protection management, the secure embodiments presented herein may be used for applications in work flow tracking and optimization, manufacturing, testing, quality assurance, payment systems, and DRM applications.
Embodiments prevent the copying or misuse of information displayed on any monitor by employing continuous context-based smart activity processing technology. In one embodiment, every user in the range of visibility of the monitor is continuously monitored and authenticated.
In an exemplary embodiment, the secure display monitor 202 includes a security control integrated circuit (IC) that interfaces with other modules within the display 202. The display further includes a display panel (e.g., an LCD) IC 404 that drives the display panel 410, a display buffer memory 406 for storing pixel data to be displayed on the LCD 404, a side band network interface 408, and one or more sensors 416.
The security control integrated circuit 402 shares a link to the host computer with the display panel IC 404. This link provides the data to be displayed on the monitor and may utilize one or more different protocols such as HDMI, DVI, DP, etc. In addition, the security control IC 402 utilizes the side band network interface 408 to communicate with a remote security server without having to rely on networking resources from the host. The side band network interface 408 may utilize one or more communications protocols selected from a group consisting of USB, serial port, Ethernet, WiFi, Bluetooth, GPRS, any mobile communications protocol, etc.
The sensors 416 integrated in the display may include one or more of an infrared sensor, image sensor, proximity sensor, biometric sensor (e.g., fingerprint, eye recognition, etc.), Brain Computer Interface (BCI) with integrated NFC, RFID, magnetic card reader, microphone, speaker, etc. In one embodiment, the sensors 416 monitor communications near the monitor such as communications utilizing a mobile phone 412, or a smart card 414 being utilized by the user 302.
It is noted that the embodiments illustrated in
In another embodiment, user 502 is also authorized to operate with display 202. However, there is a security policy that only one user is able to access the display at any time, which causes the display being halted for having too many users accessing the display. This security policy may be useful when different users may access the same computing device, but the users may have different access levels when using the computing device. By disabling two users from accessing the display at the same time, the different security levels are enforced.
In one embodiment, the collected information include user images 710, screen captures 708, audio segments 706, images from area cameras 704, and sensor data 702. The user images are taken with the camera integrated in the display, or attached to the display, to provide information regarding the user or users situated in front of the display. Policy rules defined how often pictures of the user are taken or under what circumstances. In one embodiment, the images are taking every minute, although other intervals may also be configured. In addition, the user images may also be obtained when there are changes in front of the display (e.g., a new user enters the area) or when there is a large amount of data (e.g., beyond a threshold level of data per unit of time) being downloaded on the display. This guarantees that if a user is accessing a large amount of information, the user's image is captured.
The screen captures 708 provide, as its name implies, information regarding the appearance of the display at a given point in time. Similarly to the case of user images, screen captures may be obtained periodically or be triggered by security events. In one embodiment, the amount of data captured in the screen captures is reduced by eliminating some of the background information (e.g., Windows background photo) which is considered irrelevant for security purposes.
Audio segments 706 may also be obtained periodically or when triggered by a security event (e.g., voices detected near the secure display). Room cameras 704 provide images of an area where the display is situated (e.g. a room with a plurality of cubicles with workers in the cubicles). The sensor data 702 provides information collected by the sensors, such as temperature, humidity, air pressure, etc., and may be collected periodically or triggered under certain events.
It is noted that the embodiments illustrated in
In one embodiment, the biometric identity of the user is tied with the centrally available authentication system that uses a username and password, or any other additional data, such as physical location information, time and date, etc. The authentication utilizes multiple pieces of information to establish a physical presence of the user, which is integrated with the trusted display and computer. The trusted (e.g., secured) display device is both first and last point of interface to the user and any protected information and services are protected and available for use by an authorized user.
In one embodiment, the user is continuously authenticated throughout the session, based on physical presence and using data signals from multiple sensors integrated with the Display such as cameras, microphones, speakers, IR detectors, thermometers, proximity sensors. In one embodiment, additional inputs from other external sensors are utilized, such as pressure sensors, weight sensors, surveillance cameras in close proximity to the secured monitor in front of the user, IP addresses, MAC addresses, physical location data, etc., to improve system accuracy.
In one embodiment, the secure display is built by adding the security circuit 906, camera 308, and WiFi module 118 to an existing display. In another embodiment, the secure display is built at a factory including all the modules identified in
The security circuit 906 analyzes images captured with image capture device 308, which may be stored in memory 108 or in a dedicated memory within security circuit 906. The image analysis is utilized to provide authentication of the user 302 interfacing with the secure display, as well as for detecting security events related to unauthorized use, such as use by multiple users, user not present in front of the display, an authorized photograph taken of the display, etc.
The security circuit 906 transmits security related data (e.g., see above with reference to
An area camera 102 takes images of the work area of the user 302, and may include the work area of other users. For example, an area camera 102 may take images of a plurality of cubicles in an office, a hallway in an office floor, an office with several desks, the lobby of a building, etc.
The security circuit 906 is attached to the bus 140 and controls the output to LCD 902, by interfacing with the circuitry that drives the LCD 902 (e.g., processor 106 and pixel memory 112). In addition, the security circuit 906 interfaces with WiFi module 119 to send security data to security server 912 and to receive security and configuration commands from security server 912. In one embodiment, the security server sends authorized user information to the security server 906 information regarding the users authorized to utilize the secure display, the policy rules for implementing security in the secure display, login parameters, authenticated devices that may be utilized secure display 202 (e.g. computing device 304), etc.
In one embodiment, the security circuit 906 manages the authentication of the host computing device via an authentication module 142 embedded in the video interface 122 coupled to the video interface 908 in the host. In one embodiment, Trusted Platform Module (TPM) authentication is utilized, but other methods of authentication are also possible. TPM is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the “TPM chip” or “TPM Security Device”.
The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as remote attestation and sealed storage. “Remote attestation” creates a nearly unforgeable hash-key summary of the hardware and software configuration. The program encrypting the data determines the extent of the summary of the software. This allows a third party to verify that the software has not been changed. “Binding” encrypts data using the TPM endorsement key, a unique RSA key burned into the chip during its production, or another trusted key descended from it. “Sealing” encrypts data in similar manner to binding, but in addition specifies a state in which the TPM must be in order for the data to be decrypted (unsealed). Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system. Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution.
In one embodiment, a security monitor cloud service provides storage 1308 and processing capacity 1310 for performing security related operations, such as searching security data, analyzing data, detecting possible threats within the data, etc. A security monitor management gateway 1312 acts as the interface between the security management console system 1302 and the security monitor cloud service 1306.
In one embodiment, the computing resources 1310 are utilized for implementing the security policy, as defined by the administrator utilizing the security management console system 1302. In one embodiment, the security policy comprises a plurality of security rules, where each security rule defines one or more actions to be performed when certain conditions are met.
In one embodiment, security monitor cloud service 1306 is also utilized to monitor the out-of-band communications originated at the protected visual security zone 1314, such as mobile telephony communications, or any other type of wireless or wired communications taking place within the protected visual security zone 1314.
The communications module 350 manages the communications with the remote secure displays, as well as other network communications regarding the management and administration of the secure server architecture. The administration module 352 provides options, user interfaces, help, etc. regarding the administration of the secure environment. An administration GUI 354 provides a user interface for authenticating access by one or more administrators and for setting the administration parameters required to configure, update, delete, service, etc., the security architecture service.
The remote enforcement module 356 exchanges management and control messages with the secure terminals, and more specifically with the security circuitry in the secure terminals. For example, the remote enforcement module 356 may send commands to a security display regarding policy rules be implemented at the secure terminal, users authenticated to use the secure display, hosts computers authenticated to interface with the secure display, authentication keys, instructions to disable or enable the remote display, etc. The remote enforcement module 356 manages the data stored in a secure database 366, including all the information received from secure displays.
The policy module 358 manages the security policy and the rules comprising the security policy, regarding the authorized use of secure displays. The security policy rules may be configured via the administration GUI 354. More details with reference to policy rules are given below with reference to
It is noted that the embodiment illustrated in
In one embodiment, separate enterprise physical access control system (PACs) network is utilized to connect the secure monitor management gateway to the security management console system.
The logging of data is event driven, as discussed above. In one embodiment, the events may fall within different categories, such as normal events, exceptional events, administration events, etc. In addition, the events may be time sliced, that is, a plurality of data items related to the secure display are captured simultaneously.
In one embodiment, a GUI is provided to users of the secure displays in order to enable the users to view or get limited access to the information logged by the secure system. The user may be given total or partial access to the information. In one embodiment, the user is able to select an option to request the deletion of some data from the system. For example, a user may identify that during a certain period of time the user was accessing personal information on the display, and the user may wish to have the information removed from the system. An administrator will then determine if the request is granted or denied.
In one embodiment, user feedback is provided via a signal light similar to a video camera. The “light is on” indicator signals that “recording” is taking place. The secure monitor may also provide audio cues including different tones or computerized voice message, etc. The audio cues alert the user that their activity is being actively tracked.
In another embodiment, software selectable buttons are provided via a software menu or via hardware buttons on the monitor, similar to the buttons on a DVR for play back of activities at any time. The alert light and the playback reinforce the message that their activity has been recorded and available for any one to “see” including themselves, thus eliminating the “opportunity” for theft, enabling “rationalization” of good citizen behavior, reducing incentives ROI for quick profit, etc. The hardware or software buttons may also be controlled via access control so that only the appropriate user can access the stored data.
In one embodiment, tagging the image of a user to the computer interactions enables the tracking of computer generated transactions regarding applications and data, utilizing the user image as the tag or key. Additionally, other tags may also be utilized for searches, such as a computer display screen image. Thus, data might be searched utilizing the user image key, a screen capture, time, location, etc., in order to better track user's activities.
By linking the image key to other meta data such as IP address, MAC address, CPU ID, etc., it is possible to track, search and manage user activities by linking these keys to existing network and server log commercial product solutions.
In one embodiment, and Application Programming Interface (API) is provided to enable data access on user image key, screen image key, or some other capture security information. Current network and server log management often involve complex user interfaces. For example, some search approaches utilize Regex operations extensively. By using the “user image” key approach, log maintenance interface and activity is improved since humans are better at using visual techniques when compared to computers.
In one embodiment, the API enabling the use of user image keys and display screen keys, plus the associated metadata, to interface with, is used to enhance existing video surveillance equipment and physical access control products.
In one embodiment, the user image key may be utilized at point-of-sales (POS) terminals to provide secure transactions while eliminating the threats of credential attacks. In addition, in one embodiment, the display screen image is utilized, by performing OCR, to extract and track itemized transaction details, such as product, price, store, aisle location, cash paid, credit debit card used, coupons used, etc.
In one embodiment, the POS retail user data is gathered to provide custom services such as expense tracking, serving shopping deals, etc., by providing arbitrage interfaces to commerce, such as a shop retailer, a bank or a product vendor. In addition, it is possible to enhance Bank, remote teller ATM, ACH, mobile payments transactions security, to eliminate physical credential attacks that are common today.
The events that may trigger a policy rule may include one or more of a timer expiring, detection of a security threat, detection of an unauthorized user, detection of the use of an unauthorized application, setting a timer, detection of a photo taken of the display, detection of multiple users in front of the display, detection of an unauthorized user, detection of voices or other sounds near the display, detection of the temperature above a certain threshold temperature, detection of an RFID card near the secure display, detection of the establishment of a mobile phone call near the display, etc.
In one embodiment, a plurality of conditions associated with events may be combined utilizing logical operators (e.g., AND, OR, NOT, etc.). The policy rules may be implemented at the central security server, at the secure display, or both at the secure display and a central security server. In one embodiment, a first set of rules is downloaded to the secure display for implementation by the security circuitry inside the secure display. In addition, a second set of rules is implemented at the central security server.
In another embodiment, a third set of rules are implemented that correlate information regarding more than one secure terminal. For example, a policy rule may define to set up an alarm when all the secure displays in a room are left alone (e.g., there is no user sitting in front of any of the secure displays).
The option to search data 452 opens a new window that enables the administrator to enter search parameters for searching the security database. The search parameters may include a period of time, user ID, display ID, log data (e.g., “find users from building 7 that were using the word processor on Monday between 1:00 PM and 3 PM”), etc.
The alarms option 454 provides a separate window to set alarms, modify alarms, delete alarms, or review alarm information created by the system. The policy configuration 456 option enables administrator to set the policy rules, such as those described above with reference to
The client configuration option 458 enables the administrator to modify the client configuration (e.g., add, delete, or modify users or remote displays). Information window 466 shows a partial listing of terminal information, including user is authorized to use the remote terminal, maximum number of users that can use the terminal of the time, security level of the terminal, enabled schedule of operation, location of the terminal, policy rules for the terminal, etc.
It is noted that the embodiment illustrated in
From operation 854, the method flows to operation 856 where a check is made regarding the validity of the display. If the display is validated, the method flows to operation 858 when the display is enabled, and if the display is not enabled the method flows to operation 860, where the display is disabled.
From operation 954 method flows to operation 956, where a check is made to determine if the event detected in operation 954 is a security-related event. In one embodiment, a security event is an event resulting from the triggering of the conditions of one or more policy rules, but other types of security events are also possible.
If a security event is detected the method flows to operation 958, where the event is analyzed. In one embodiment, the remote display is disabled 964 if the security policy determines 960 that the security event requires disablement of the remote display. In addition, other types of actions may be performed based on the security event, as described above with reference to
From operation 956, the method flows to operation 962 where a check is performed to determine if the security event requires logging data. If data needs to be logged, the method flows to operation 966 to log the data, and to operation 968 to transmit the data to the remote security server.
In operation 972, a check is performed to determine if the event is a control event. In one embodiment, a control event is a command received from the secure server to be performed by the secure display, although other type of control events are also possible. If the security event is a control event, the method flows to operation 974 where the command associated with the control event is executed, and an acknowledgment that the command has been performed is sent back to the server, in operation 976. From operation 976, the method flows back to operation 954 to check for new security events.
Mass storage device 2314 represents a persistent data storage device such as a floppy disc drive or a fixed disc drive, which may be local or remote. Network interface 2330 provides connections via network 2332, allowing communications with other devices. It should be appreciated that CPU 2304 may be embodied in a general-purpose processor, a special purpose processor, or a specially programmed logic device. Input/Output (I/O) interface provides communication with different peripherals and is connected with CPU 2304, RAM 2306, ROM 2312, and mass storage device 2314, through bus 2310. Sample peripherals include display 2318, keyboard 2322, cursor control 2324, removable media device 2334, etc.
Display 2318 is configured to display the user interfaces described herein. Keyboard 2322, cursor control 2324, removable media device 2334, and other peripherals are coupled to I/O interface 2320 in order to communicate information in command selections to CPU 2304. It should be appreciated that data to and from external devices may be communicated through I/O interface 2320. The embodiments can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a wire-based or wireless network.
A1. A display device for presenting information output of a host computer, comprising,
a panel defined from a plurality of light emitting devices that are arranged to define an area for displaying the information output from the host computer;
display logic for receiving pixel data from the host computer to be displayed on the panel;
a sensor for capturing data proximate to the panel;
an integrated circuit disposed in communication with the display logic and the panel, the integrated circuit configured to intercept or examine the information output from the host computer, the data of the sensor being analyzed for security control while enabling the information output to be presented to the display logic, wherein the display processor causes the light emitting devices of the panel to activate and the sensor for capturing data is configured to trigger a plurality of times during a use of the panel; and
a communication device for enabling the integrated circuit to communicate with a remote computer without communication with the host computer.
A2. The panel of claim A1, wherein the security control is configured to validate policies for the data captured proximate to the panel.
A3. The panel of claim A1, wherein the security control is configured to disable transfer of the intercepted information from being displayed on the panel by the display processor.
Embodiments of the present disclosure may be practiced with various computer system configurations including hand-held devices, microprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers and the like. The embodiments can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a network.
With the above embodiments in mind, it should be understood that the embodiments can employ various computer-implemented operations involving data stored in computer systems. These operations are those requiring physical manipulation of physical quantities. Any of the operations described herein are useful machine operations. The e also relates to a device or an apparatus for performing these operations. The apparatus may be specially constructed for the required purpose, such as a special purpose computer. When defined as a special purpose computer, the computer can also perform other processing, program execution or routines that are not part of the special purpose, while still being capable of operating for the special purpose. Alternatively, the operations may be processed by a general purpose computer selectively activated or configured by one or more computer programs stored in the computer memory, cache, or obtained over a network. When data is obtained over a network the data maybe processed by other computers on the network, e.g., a cloud of computing resources.
One or more embodiments can also be fabricated as computer readable code on a non-transitory computer readable storage medium. The non-transitory computer readable storage medium is any non-transitory data storage device that can store data, which can be thereafter be read by a computer system. Examples of the non-transitory computer readable storage medium include hard drives, network attached storage (NAS), read-only memory, random-access memory, CD-ROMs, CD-Rs, CD-RWs, magnetic tapes and other optical and non-optical data storage devices. The non-transitory computer readable storage medium can include computer readable storage medium distributed over a network-coupled computer system so that the computer readable code is stored and executed in a distributed fashion.
Although the method operations were described in a specific order, it should be understood that other housekeeping operations may be performed in between operations, or operations may be adjusted so that they occur at slightly different times, or may be distributed in a system which allows the occurrence of the processing operations at various intervals associated with the processing, as long as the processing of the overlay operations are performed in the desired way.
Although the foregoing embodiments have been described in some detail for purposes of clarity of understanding, it will be apparent that certain changes and modifications can be practiced within the scope of the appended claims. Accordingly, the present embodiments are to be considered as illustrative and not restrictive, and the embodiments are not to be limited to the details given herein, but may be modified within the scope and equivalents of the appended claims.
Sambamurthy, Namakkal S., Krishnan, Parthasarathy
Patent | Priority | Assignee | Title |
10218773, | Feb 16 2017 | International Business Machines Corporation | Screen recording of actions that initiated a file download |
10567661, | Jan 26 2017 | Samsung Electronics Co., Ltd. | Electronic apparatus and controlling method thereof |
10713393, | Dec 15 2016 | Canon Kabushiki Kaisha | Information processing system, information processing apparatus, method of controlling the same, and storage medium |
10878739, | Jul 02 2018 | SAMSUNG ELECTRONICS CO.. LTD. | Display apparatus and controlling method thereof |
10929511, | Dec 05 2017 | Meta Platforms, Inc | Systems and methods for protecting sensitive information |
11734397, | Dec 01 2021 | International Business Machines Corporation | Hallmark-based image capture prevention |
Patent | Priority | Assignee | Title |
5915973, | Mar 11 1997 | Prometric LLC | System for administration of remotely-proctored, secure examinations and methods therefor |
7460149, | May 28 2007 | TIERRA VISTA GROUP, LLC; SECURENET SOLUTIONS GROUP, LLC | Video data storage, search, and retrieval using meta-data and attribute data in a video surveillance system |
7940929, | Nov 23 2005 | SALESFORCE, INC | Method for processing documents containing restricted information |
8024779, | Feb 26 2004 | VMware LLC | Verifying user authentication |
8219021, | Jun 05 2007 | HMH EDUCATION COMPANY | System and method for proctoring a test by acting on universal controls affecting all test takers |
8272053, | Dec 18 2003 | HONEYWELL INTERNATIONAL IN C | Physical security management system |
20020172931, | |||
20040010720, | |||
20060242254, | |||
20070048723, | |||
20070277061, | |||
20070300179, | |||
20080102435, | |||
20100205667, | |||
20100295944, | |||
20100323608, | |||
20110087766, | |||
20110128384, | |||
20110177484, | |||
20110223576, | |||
20120034584, | |||
20120042358, | |||
20120077176, | |||
20120098793, | |||
20120124559, | |||
JP2001313006, | |||
WO2007062121, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Apr 11 2012 | NSS Lab Works LLC | (assignment on the face of the patent) | / | |||
Apr 13 2012 | SAMBAMURTHY, NAMAKKAL S | NSS Lab Works LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 028046 | /0378 | |
Apr 13 2012 | KRISHNAN, PARTHASARATHY | NSS Lab Works LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 028046 | /0378 |
Date | Maintenance Fee Events |
Jun 12 2018 | M2551: Payment of Maintenance Fee, 4th Yr, Small Entity. |
Jul 25 2022 | REM: Maintenance Fee Reminder Mailed. |
Jan 09 2023 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Date | Maintenance Schedule |
Dec 02 2017 | 4 years fee payment window open |
Jun 02 2018 | 6 months grace period start (w surcharge) |
Dec 02 2018 | patent expiry (for year 4) |
Dec 02 2020 | 2 years to revive unintentionally abandoned end. (for year 4) |
Dec 02 2021 | 8 years fee payment window open |
Jun 02 2022 | 6 months grace period start (w surcharge) |
Dec 02 2022 | patent expiry (for year 8) |
Dec 02 2024 | 2 years to revive unintentionally abandoned end. (for year 8) |
Dec 02 2025 | 12 years fee payment window open |
Jun 02 2026 | 6 months grace period start (w surcharge) |
Dec 02 2026 | patent expiry (for year 12) |
Dec 02 2028 | 2 years to revive unintentionally abandoned end. (for year 12) |